Privacy policy

Table of contents:

1. General information
   1. Important terms
   2. Scope of application
   3. Person responsible
   4. Data Protection Officer
2. The data processing in detail
   1. General information on data processing
   2. Calling up our services
   3. Note on the language selection cookie for the provision of multilingual content
   4. Tracking & usage analysis
3. Rights of data subjects
   1. Right of objection
   2. Right to information
   3. Right of rectification
   4. Right to erasure („right to be forgotten“)
   5. Right to restriction of processing
   6. Right to data portability
   7. Right of cancellation for consent
   8. Right of appeal

Browser: Computer programme for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: Text files that the web server called up places on the user's computer by means of the browser used. The stored cookie information may contain both an identifier (cookie ID), which is used to recognise the user, and content information such as login status or information about websites visited. The Browser sends the cookie information back to the web server on subsequent, new visits to this page with each request. Most Browser accept Cookies automatically.

Third countries: Countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data Processing on the free movement of personal data and repealing Directive 95/46/EC (General Data Protection Regulation), available at here.

Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling: Any type of automated Processing personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements

Services: Our offers to which this privacy policy applies (see scope of application).

Tracking: The collection of data and its evaluation with regard to the behaviour of visitors to our Services.

Tracking technologies: Tracking can be carried out both via the activity logs stored on our web servers (log files) and by collecting data from your end device via Pixel, Cookies and similar Tracking technologies.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pixel: Pixel are also known as tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the server operator to see if and when an e-mail has been opened or a website visited. This function is usually implemented by calling up a small programme (Javascript). In this way, certain types of information can be recognised on your computer system and passed on, such as the content of Cookies, time and date of the page view and a description of the page on which the tracking pixel is located.

This privacy policy applies to the following offers:

• our Online offer „Privacy policy / Blue Ocean Entertainment AG / Cup Cake Cats“ (website), available in particular at cupcakecats.com/,
• whenever reference is made to this privacy policy from one of our offers (e.g. websites, subdomains, mobile applications, web services or integrations in third-party sites), regardless of how you access or use it.

All of these offers are also referred to together as „Services“ labelled.

The person responsible for data processing - i.e. the person who determines the purposes and means of Processing of personal data decides - in connection with the Services is:

In this section of the privacy policy, we inform you in detail about the Processing personal data within the scope of our Services. For the sake of clarity, we categorise this information according to certain functionalities of our Services. During normal use of the Services different functionalities and therefore also different processing methods can be used one after the other or simultaneously.

Unless otherwise stated, the following applies to all processing described below:

The provision of personal data is not required by law or contract and you are not obliged to provide data. We will inform you during the input process if the provision of personal data is required for the respective service (e.g. by labelling it as a „mandatory field“). If data is required, failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that we are unable to provide our services in the same form and quality.

In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (possibly for part of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes that we pursue with this processing. The processing operations based on your consent are therefore not listed here again (Art. 13 para. 4 GDPR).

When we transfer data to Third countries, If the data is transferred to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.

If the transmission of the data to a Third country does not serve to fulfil our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defence of legal claims and there is no other exception under Art. 49 GDPR applies, we will only transfer your data to a third party Third country, if an adequacy decision has been made in accordance with Art. 45 GDPR or suitable guarantees according to Art. 46 GDPR are available.

By concluding the EU standard data protection clauses issued by the European Commission with the receiving organisation, we fulfil the requirements for verification with regard to suitable guarantees in accordance with Art. 46 para. 2 lit. c) GDPR, and with regard to an appropriate level of data protection in the Third country. Copies of the EU standard data protection clauses are available on the website of the European Commission, available at here.

Our data processing is carried out to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centres and also process personal data on our behalf in accordance with our instructions. Personal data may be transmitted to hosting service providers for all of the functionalities listed below. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of the EU standard data protection clauses (see c.).

We transfer personal data to state authorities (including law enforcement authorities) if this is necessary to fulfil a legal obligation to which we are subject (legal basis: Art. 6 para. 1 lit. c) GDPR) or it is necessary for the establishment, exercise or defence of legal claims (legal basis Art. 6 para. 1 letter f) GDPR).

The „Storage period“ section indicates how long we use the data for the respective processing purpose. After this period has expired, the data will no longer be processed by us, but will be deleted at regular intervals, unless there is a need for continued storage. Processing and storage is provided for by law (in particular because it is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims) or you give us further consent.

Some of the data processing described in the following sections is carried out with the help of Cookies. The information stored in a cookie can only be accessed via the Internet by the operator of the web server that originally set the cookie. Access by third parties in this way is not possible. The Cookies have different functional durations. Some Cookies are only active during a browser session and are deleted afterwards, others function for longer periods, but usually for less than a year. At the end of the functional period, a cookie is deleted by the Browser deleted. You can Cookies using the browser functions (usually under „Options“ or „Settings“). This allows the saving of Cookies deactivated, made dependent on your consent in individual cases or otherwise restricted. You can Cookies can also be deleted at any time.

In the following sections, the following summarising category designations are used for certain types of data:

• Access data: Date and time of the visit to our service; the page from which the accessing system reached our site; pages accessed during use; data for session identification (session ID); also the following information from the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

We collect personal data from publicly accessible sources. Publicly accessible sources include, in particular, publicly accessible websites, all public directories that are available to the general public (telephone and similar directories) and public registers, even if they may require a login (e.g. commercial register).

We process all categories of data that are stored in publicly accessible sources. This may be, for example Personal master data, Address data, Contact details, Payment data, Order data, as well as all other categories of data, such as interests, preferences, affinities and the like.

The data is collected for the purpose of fulfilling the principle of accuracy in accordance with Art. 5 para. 1 letter d) GDPR, where applicable, the purpose of contract performance in accordance with Art. 6 para. 1 letter b) GDPR, if necessary for the purpose of enforcing rights and for debt collection in accordance with Art. 6 para. 1 letters b) and f) GDPR, as well as for the purpose of direct advertising in accordance with Art. 6 para. 1 letter f) GDPR in conjunction with recital 46 GDPR.

Below we describe how your personal data is processed when you visit our website. Services are processed (e.g. loading and viewing the website, opening and navigating within the mobile device app). In addition, we use technically or legally necessary auxiliary tools that do not collect any data themselves (such as a tag manager), but only serve the security of the website, the administration and operation of other tools or the administration of consents given by you (Consent Management Platform). In particular, we would like to point out that the transmission of Access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transfer on the Internet. The third-party providers themselves are responsible for the data protection-compliant operation of the IT systems they use. The decision on the storage period of the data is the responsibility of the service providers.

In the following, we describe the cases in which the use of our Services Your personal data for analysing the use of our website Services are processed and when tracking technologies are used to track and evaluate the behaviour of visitors, for example to display advertising tailored to them.

Blue Ocean Entertainment AG adheres to the requirements of the IAB Europe Transparency & Consent Framework and complies with its specifications and guidelines.

1. Usage analysis with legal basis of legitimate interest, Art. 6 para. 1 letter f) GDPR

   We conduct usage analyses on the basis of the legal basis Art. 6 para. 1 letter f) GDPR through, i.e. after a Weighing of interests. You can find an overview of the technologies and services used in our consent dialogue (accessible in the footer and/or via the respective privacy icon on the website). There you will also find an explanation of each service, how it works and which data is used for the processing. Processing can be used.

   In doing so, we pursue legitimate interests,

   • ours Services to optimise them and adapt them to the needs of users and to correct errors,

   • Key figures on the use of our Services (reach, usage intensity, surfing behaviour of users) statistically - on the basis of uniform standard procedures - and thus to obtain market-wide comparable values in order to optimise our Services optimised marketing,

   • measure the success of advertising campaigns, optimise our ads for the future and enable marketers and advertisers to optimise their ads accordingly.

   Can I object to the survey and analysis?

   Yes, there is a possibility to object to the respective Processing can be found in our consent dialogue (accessible in the footer and/or via the respective privacy icon on the website).

2. Tracking with legal basis consent, Art. 6 para. 1 letter a) GDPR

   We carry Tracking if you give your consent. We explain the type and scope of tracking in our consent dialogue (accessible in the footer and/or via the respective privacy icon on the website). For clarification: If no consent is requested, no data processing takes place on this basis. Tracking instead.

   Consent is voluntary. It is given by clicking on our Services click on the corresponding button in the consent dialogue. There you will find all the necessary information about the type and scope of data processing.

   Can I revoke my consent?

   Once you have given your consent, you can revoke it at any time for the future. You will find an option to revoke your consent in our consent dialogue (accessible in the footer and/or via the respective privacy icon on the website). The lawfulness of the Processing until cancellation remains unaffected.

If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time with effect for the future. Processing personal data concerning you for the purpose of such advertising; this also applies to the right to object to the Profiling, insofar as it is associated with such direct advertising.

You also have the right, for reasons arising from your particular situation, to object to the processing of your personal data at any time with effect for the future. Processing personal data concerning you, which have been Art. 6 para. 1 letter e) or f) GDPR This also applies to an objection based on these provisions. Profiling.

You can exercise your right to object free of charge. To process your request more quickly, please preferably use our form under the following link:
Data protection enquiry form

You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the other information specified in Art. 15 GDPR listed information.

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the Processing you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds set out in Art. 17 para. 1 GDPR the above reasons apply and the Processing not for one of the Art. 17 para. 3 GDPR regulated purposes is required.

You are entitled to impose a restriction on the Processing of your personal data if one of the reasons listed in Art. 18 para. 1 letters a) to d) GDPR regulated conditions are met.

You have chosen from the Art. 20 para. 1 GDPR In exercising your right to data portability, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us. When exercising the right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

As far as the Processing is based on your consent, you have the right to withdraw your consent at any time. The legality of the processing carried out on the basis of the consent until the revocation Processing is not affected by this.

You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is
The State Commissioner for Data Protection of Baden-Württemberg, P.O. Box 10 29 32, 70025 Stuttgart, https://www.baden-wuerttemberg.datenschutz.de/

Stand: 10.11.2025